AI in the iGaming industry: Enhancing personalisation while avoiding manipulation

Across the digital economy, service personalisation is expected. Research shows that personalised bets and offers are now perceived as “valuable” by most players, with 80% of bettors rating tailored experiences positively.

This is one aspect in which Artificial intelligence (AI) is shaping consumer experience and supporting operators throughout the full lifecycle of their service offering – from customer onboarding, detecting manipulation, unusual betting patterns and fraud, to providing personalised player engagement. AI’s growing use and adoption offers significant opportunities for both operators and users in detecting early indicators of problem gambling by analysing betting patterns and session length, tailoring promotions to individual user profiles, and providing targeted game recommendations, resulting in stronger loyalty, and longer playing sessions.

As operators increasingly rely on AI to optimise player experience, they must carefully navigate the evolving regulatory framework to ensure they do not cross ethical lines and comply with the obligations arising from the EU’s Artificial Intelligence Act (AI Act), the General Data Protection Regulation (GDPR) and their licence frameworks.

The red line between legitimate personalisation and harmful manipulation is thin and calls for constant vigilance and human oversight.

The AI Act’s Risk‑Based Framework

As already explained in this series of articles, the AI Act introduces a structured, ex‑ante approach to governing AI systems, classifying them into four broad categories: unacceptable‑risk (prohibited), high‑risk, limited‑risk (systems subject to transparency obligations) and minimal‑risk. The most onerous obligations are reserved for high‑risk AI systems, with the AI Act also setting out a series of practices that are prohibited outright, irrespective of sector.

In practical terms, iGaming operators must firstly determine whether a particular software tool qualifies as an AI system under the definition of the AI Act. Secondly, they must classify each AI use case within the risk framework. Finally, they should identify their role in the AI value chain and evaluate the corresponding obligations.

The prohibitions imposed by the AI Act in relation to certain manipulative practices, and the transparency and data governance requirements are glaring examples of the AI Act’s relevance to gaming operators.

Prohibited Manipulation and Vulnerable Players

Article 5 of the AI Act prohibits AI systems that materially distort a person’s behaviour in a way that causes, or is likely to cause, significant harm or exploit vulnerabilities linked to a person’s age, disability or specific social or economic situation. Certain AI uses commonly associated with aggressive player engagement could fall under the AI Act’s unacceptable‑risk / prohibited category.

Examples of potentially prohibited practices may include AI-driven dynamic targeting of financially vulnerable players with higher‑risk offers or bonus structures, or games engineered to produce “near-miss” outcomes.

High‑Risk AI in the iGaming Ecosystem

The list of high-risk AI uses provided in the AI Act does not include i-gaming specific activities. This notwithstanding, a number of the AI tools now used by gaming operators can fall within the “high risk” category under the EU AI Act. Examples of such systems include predictive analytic systems that analyse player behaviour through emotion recognition, possibly also leading to profiling and adaptive gameplay; systems that automate account restrictions, or systems which assess financial risk on the basis of a player’s creditworthiness and profiling. Such a classification triggers stringent obligations around transparency, human oversight, data governance, and documentation and certification before they can be lawfully deployed.

Limited‑Risk AI: Transparency in Player Interactions

Most AI systems adopted within the iGaming industry are likely to fall within the limited‑risk or minimal‑risk categories, but they may still trigger specific transparency obligations.

A typical example is the use of AI‑powered customer support chatbots or virtual assistants embedded in an operator’s website or app. Where players interact with such systems, the AI Act imposes an obligation on operators to inform the players that they are communicating with an AI system, not a human agent, at the latest at the time of the first interaction.

While these obligations are lighter than those for high‑risk AI, they are important to maintain player trust and align with the AI Act’s emphasis on transparency and human oversight.

Beyond the AI Act: GDPR and Data‑Driven iGaming

The AI Act does not operate in isolation. Much of the value of AI use in the iGaming industry is derived from behavioural and transactional data – activity logs, device data, cookies and payment histories. The use of this data is regulated by the GDPR. Key points include:

  1. Lawful basis for processing: Operators must identify and document an appropriate lawful basis under Article 6 GDPR, and this must be reflected in privacy notices.
  2. Data minimisation and purpose limitation: AI systems should only process data that is adequate, relevant and limited to what is necessary for clearly specified purposes (e.g. problem‑gambling detection).
  3. Automated decision‑making: As per Article 22 GDPR, players have the right not to be subject to decisions based solely on automated processing, including profiling, where such decisions produce legal effects or similarly significantly affect them, unless specific conditions and safeguards are met. In the iGaming sector, this is particularly relevant where AI systems automatically block or close player accounts or refuse withdrawals. In practice, operators should embed human‑in‑the‑loop mechanisms, ensuring that significant interventions are reviewed and, where appropriate, overruled by trained staff.

Personalisation versus Manipulation: Drawing the Line

For iGaming operators, the core challenge lies in utilising AI systems to enhance player safety and engagement without crossing the line into manipulation or exploitation. A customised loyalty bonus aligned with a player’s declared preferences and historical spend can be a legitimate marketing tool. The same algorithm, if configured to intensify offers to players who show signs of financial distress or compulsive behaviour – for example, escalating bet amounts after repeated losses or extending session‑length suggestions – may lean towards a prohibited manipulation practice under the AI Act.

Emerging initiatives such as the Digital Fairness Act, which is expected to be formally proposed by the European Commission towards the end 2026, targets dark patterns and addictive design, indicating that EU policymakers are also increasingly intolerant towards interface and design choices that pressure users into decisions they might not otherwise take.

Ultimately, iGaming operators who integrate strong governance policies, ethical data use and player‑centric design into their AI strategy will be best positioned to leverage AI’s potential while remaining on the right side of an increasingly demanding regulatory landscape. Choosing the right path requires a clear grasp of the systems being deployed and the obligations that flow from the interconnected legal frameworks designed to deliver comprehensive regulatory oversight.


Disclaimer: An abridge version of this publication was published on the Corporate Times on the 28/06/26

Share

Go Back
01
image

How can we assist?

Contact us